forked from tom0li/collection-document
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Android_old
74 lines (73 loc) · 8.41 KB
/
Android_old
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
## Android
#### Android知识
* [Android启动过程的分析](http://www.4hou.com/mobile/7373.html)
* [AndroidManifest.xml文件安全探索](https://bbs.ichunqiu.com/thread-26612-1-1.html)
* [常见app加固厂商脱壳方法研究](http://docs.ioin.in/writeup/www.mottoin.com/_89035_html/index.html)
* [分析某直播App的协议加密原理以及调用加密方法进行协议参数构造](http://www.wjdiankong.cn/android%E9%80%86%E5%90%91%E4%B9%8B%E6%97%85-%E5%88%86%E6%9E%90%E6%9F%90%E7%9B%B4%E6%92%ADapp%E7%9A%84%E5%8D%8F%E8%AE%AE%E5%8A%A0%E5%AF%86%E5%8E%9F%E7%90%86%E4%BB%A5%E5%8F%8A%E8%B0%83%E7%94%A8/)
* [逆向加固的apk详细教程](https://www.secquan.org/Discuss/90)
* [360加固宝加固分析和脱壳教程解析](https://mp.weixin.qq.com/s/xSe2Zrv9Ev4qRaN99YmnRA)
* [Android App常见逆向工具和使用技巧](http://bobao.360.cn/learning/detail/3126.html)
* [Android脱壳圣战之—脱掉360加固壳(破解约友神器的钻石充值功能)](http://www.wjdiankong.cn/android%E8%84%B1%E5%A3%B3%E5%9C%A3%E6%88%98%E4%B9%8B-%E8%84%B1%E6%8E%89360%E5%8A%A0%E5%9B%BA%E5%A3%B3%E7%A0%B4%E8%A7%A3%E7%BA%A6%E5%8F%8B%E7%A5%9E%E5%99%A8%E7%9A%84%E9%92%BB%E7%9F%B3%E5%85%85/)
* [一种常规Android脱壳技术的拓展(附工具)](http://www.freebuf.com/sectool/105147.html)
* [脱掉“360加固”的壳](http://www.wjdiankong.cn/apk%E8%84%B1%E5%A3%B3%E5%9C%A3%E6%88%98%E4%B9%8B-%E8%84%B1%E6%8E%89360%E5%8A%A0%E5%9B%BA%E7%9A%84%E5%A3%B3/)
* [初探android app安全测试](http://docs.ioin.in/writeup/blog.heysec.org/_archives_950/index.html)
* [通过 WebView 攻击 Android 应用](https://zhuanlan.zhihu.com/p/28107901)
* [在Android N上对Java方法做hook遇到的坑](http://rk700.github.io/2017/06/30/hook-on-android-n/)
* [Android安全项目入门篇 红日](https://mp.weixin.qq.com/s?__biz=MzI4NjEyMDk0MA==&mid=2649846643&idx=1&sn=0286e8f1b3e6da0acbd129cb248eac2a)
* [木马APP的简单分析](https://bbs.ichunqiu.com/thread-27661-1-1.html?from=sec)
* [android_app_security_checklist](https://github.com/b-mueller/android_app_security_checklist)
* [Android签名机制简介](http://docs.ioin.in/writeup/www.arkteam.net/fa860d69-16c4-4ed1-8fd7-06fbab513d97/index.html)
* [再谈APP网络端口开放问题](https://bigniu.com/article/view/10)
* [移动APP安全测试要点](http://blog.nsfocus.net/mobile-app-security-security-test/)
* [基于系统调用日志的 Android 恶意软件检测方法](http://www.4hou.com/technology/7856.html)
* [VirtualApp](https://github.com/asLody/VirtualApp/blob/master/CHINESE.md)
* [Android组件安全](https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==&mid=2247484387&idx=1&sn=7264428205276452d40c1ef7b1ed0dcc&chksm=ec1e33cbdb69badd00794f81caa43e5d62e0dc9bb7b9baa9d4c3c9eb64a3a0a18613356bf584#rd)
* [内网穿透——ANDROID木马进入高级攻击阶段(二)](http://blogs.360.cn/360mobile/2017/05/25/analysis_of_milkydoor/)
* [Android 渗透测试学习手册(一)Android 安全入门](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458282048&idx=1&sn=e17505bda5734a97e869cca787020dd7&scene=0#wechat_redirect)
* [Android 渗透测试学习手册(二)准备实验环境](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458282050&idx=1&sn=b65d1266cfbc2afdc912b97065fb6780&scene=0#wechat_redirect)
* [Android 渗透测试学习手册(三)Android 应用的逆向和审计](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458282069&idx=2&sn=c5c8392504600df207d2a59f750e0725&scene=0#wechat_redirect)
* [Android 渗透测试学习手册(四)对 Android 设备进行流量分析](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458282091&idx=2&sn=fc3486b8df2249158b258e679758cbd4&scene=0#wechat_redirect)
* [Android 渗透测试学习手册(五)Android 取证](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458282093&idx=1&sn=4f6272f90b0fdbf04a381d66f46d6c01&scene=0#wechat_redirect)
* [Android 渗透测试学习手册(七)不太知名的 Android 漏洞](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458282104&idx=1&sn=00918a40555200377ec83a20b6f86101&scene=0#wechat_redirect)
* [Android 渗透测试学习手册(八)ARM 利用](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458282104&idx=1&sn=00918a40555200377ec83a20b6f86101&scene=0#wechat_redirect)
* [Android 渗透测试学习手册(九)编写渗透测试报告](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458282109&idx=2&sn=a31aaf55970d2b58d2231406feccaa12&scene=0#wechat_redirect)
* [浅入浅出 Android 安全](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458281912&idx=1&sn=f7f30e1a7f2d24d97d2acecbd5cb2497&scene=0#wechat_redirect)
* [实战教你怎么拿到女神的手机号,渗透某偷红包app](https://www.t00ls.net/viewthread.php?tid=39902&highlight=app)
* [进行一次简单的APP测试](https://www.t00ls.net/viewthread.php?tid=41527&highlight=app)
* [对某病毒app简单分析](https://www.t00ls.net/viewthread.php?tid=37050&highlight=app)
* [Android逆向之动态调试smali代码](https://www.t00ls.net/articles-38338.html)
* [记一次分析锁机APP过程(附解锁工具)](https://bbs.ichunqiu.com/forum.php?mod=viewthread&tid=10602&highlight=app)
* [IDA调试androidso的.init_array数](https://bbs.ichunqiu.com/article-827-1.html)
* [使用Spade Apk后门Hack任意Andorid手机](http://www.mottoin.com/90613.html)
* [记一次apk检测](http://5alt.me/2017/09/%E8%AE%B0%E4%B8%80%E6%AC%A1apk%E6%A3%80%E6%B5%8B/)
* [签名加密破除-burp插件在app接口fuzz中的运用](http://cb.drops.wiki/drops/papers-17042.html)
* [Android应用安全开发之浅谈网页打开APP](http://cb.drops.wiki/drops/mobile-15202.html)
* [安卓APP动态调试-IDA实用攻略](http://cb.drops.wiki/drops/mobile-5942.html)
* [一次app抓包引发的Android分析记录](http://cb.drops.wiki/drops/tips-2871.html)
* [一次app抓包引发的Android分析(续)](http://cb.drops.wiki/drops/tips-2986.html)
* [APK签名校验绕过](http://cb.drops.wiki/drops/mobile-4296.html)
* [APK瘦身记,如何实现高达53%的压缩效果](http://cb.drops.wiki/drops/mobiledev-14289.html)
* [Android安全开发之ZIP文件目录遍历](http://cb.drops.wiki/drops/mobile-17081.html)
* [Android Java层的anti-hooking技巧](http://cb.drops.wiki/drops/tips-16356.html)
* [Android安全开发之Provider组件安全](http://cb.drops.wiki/drops/mobile-16382.html)
* [Android安全开发之浅谈密钥硬编码](http://cb.drops.wiki/drops/tips-15870.html)
* [利用cache特性检测Android模拟器](http://cb.drops.wiki/drops/tips-13245.html)
* [Android应用安全开发之防范无意识的数据泄露](http://cb.drops.wiki/drops/mobile-12469.html)
* [Android Linker学习笔记](http://cb.drops.wiki/drops/tips-12122.html)
* [Android平台下二维码漏洞攻击杂谈](http://cb.drops.wiki/drops/mobile-10775.html)
* [Android应用方法隐藏及反调试技术浅析](http://cb.drops.wiki/drops/tips-9471.html)
* [Android密码学相关](http://cb.drops.wiki/drops/tips-6049.html)
* [浅谈Android开放网络端口的安全风险](http://cb.drops.wiki/drops/mobile-6973.html)
* [从APK解密到批量获取他人信息](http://www.freebuf.com/articles/web/56728.html)
* [APP漏洞挖掘之Content Provider提取数据](https://www.secquan.org/Discuss/424)
* [逆向加固的apk详细教程](https://www.secquan.org/Discuss/90)
* [一次对APK木马的简单分析](https://forum.90sec.org/forum.php?mod=viewthread&tid=8733&highlight=apk)
* [从零开始学Android应用安全测试(Part1)](http://www.freebuf.com/news/topnews/60154.html)
* [从零开始学Android应用安全测试(Part2)](http://www.freebuf.com/news/topnews/60481.html)
* [从零开始学Android应用安全测试(Part3)](http://www.freebuf.com/news/topnews/62750.html)
* [从零开始学Android应用安全测试(Part4)](http://www.freebuf.com/news/topnews/63125.html)
* [360最新虚拟壳脱壳后完全修复详细解析](http://www.freebuf.com/articles/terminal/152617.html)
* [Android平台下二维码漏洞攻击杂谈](http://bobao.360.cn/learning/detail/2421.html)
* [Android代码混淆技术总结](https://www.anquanke.com/post/id/85843)
* [Android Accessibility点击劫持攻防](https://sec.xiaomi.com/article/36)
* [Android逆向之旅—Android中分析某音短视频的数据请求加密协议(IDA动态调试SO)第一篇](http://www.wjdiankong.cn/android%E9%80%86%E5%90%91%E4%B9%8B%E6%97%85-android%E4%B8%AD%E5%88%86%E6%9E%90%E6%8A%96%E9%9F%B3%E5%92%8C%E7%81%AB%E5%B1%B1%E5%B0%8F%E8%A7%86%E9%A2%91%E7%9A%84%E6%95%B0%E6%8D%AE%E8%AF%B7%E6%B1%82/)